This is an automated email from the ASF dual-hosted git repository. kinow pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-imaging.git
The following commit(s) were added to refs/heads/master by this push: new 02bd6c4 IMAGING-210: prevent NegativeArraySizeException in chunks in PngImageParser new 8ee267d Merge pull request #51 from kinow/IMAGING-210 02bd6c4 is described below commit 02bd6c4fb271cbf69fe11554b3dbb69279428c6f Author: Bruno P. Kinoshita <ki...@apache.org> AuthorDate: Sun Aug 18 00:56:26 2019 +1200 IMAGING-210: prevent NegativeArraySizeException in chunks in PngImageParser --- src/changes/changes.xml | 3 +++ .../commons/imaging/formats/png/PngImageParser.java | 3 +++ .../formats/png/PngWithInvalidPngChunkSizeTest.java | 15 +++++++++++++++ src/test/resources/IMAGING-210/testfile.png | Bin 0 -> 14021 bytes 4 files changed, 21 insertions(+)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 01ad1db..4fd3389 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -66,6 +66,9 @@ The <action> type attribute can be add,update,fix,remove.
 <action issue="IMAGING-211" dev="kinow" type="fix">
 Imaging.getBufferedImage fails throwing java.lang.ArrayIndexOutOfBoundsException for specific inputs
 </action>
+ <action issue="IMAGING-210" dev="kinow" type="fix">
+ Imaging.getBufferedImage fails throwing NegativeArraySizeException for specific inputs
+ </action>
 </release>
 <release version="1.0-alpha1" date="2019-04-28" description="First 1.0 alpha release">
 <action issue="IMAGING-199" dev="kinow" type="fix" due-to="Ric Emery">
diff --git a/src/main/java/org/apache/commons/imaging/formats/png/PngImageParser.java b/src/main/java/org/apache/commons/imaging/formats/png/PngImageParser.java
index 00a81a0..4b1b57b 100644
--- a/src/main/java/org/apache/commons/imaging/formats/png/PngImageParser.java
+++ b/src/main/java/org/apache/commons/imaging/formats/png/PngImageParser.java
@@ -154,6 +154,9 @@ public class PngImageParser extends ImageParser {
 while (true) {
 final int length = read4Bytes("Length", is, "Not a Valid PNG File", getByteOrder());
+ if (length < 0) {
+ throw new ImageReadException("Invalid PNG chunk length: " + length);
+ }
 final int chunkType = read4Bytes("ChunkType", is, "Not a Valid PNG File", getByteOrder());
 if (LOGGER.isLoggable(Level.FINEST)) {
diff --git a/src/test/java/org/apache/commons/imaging/formats/png/PngWithInvalidPngChunkSizeTest.java b/src/test/java/org/apache/commons/imaging/formats/png/PngWithInvalidPngChunkSizeTest.java
index faa5d65..10de802 100644
--- a/src/test/java/org/apache/commons/imaging/formats/png/PngWithInvalidPngChunkSizeTest.java
+++ b/src/test/java/org/apache/commons/imaging/formats/png/PngWithInvalidPngChunkSizeTest.java
@@ -50,4 +50,19 @@ public class PngWithInvalidPngChunkSizeTest {
 Imaging.getBufferedImage(imageFile, params);
 }
+ /**
+ * Test that an image with an invalid negative PNG chunk size causes an
+ * ImageReadException instead of other exception types.
+ *
+ * @throws IOException if it fails to read from the input source
+ * @throws ImageReadException if it fails to read the image
+ */
+ @Test(expected = ImageReadException.class)
+ public void testPngWithInvalidNegativePngChunkSize() throws IOException, ImageReadException {
+ final File imageFile = new File(
+ JpegWithInvalidDhtSegmentTest.class.getResource("/IMAGING-210/testfile.png").getFile());
+ final Map<String, Object> params = new HashMap<>();
+ params.put(ImagingConstants.BUFFERED_IMAGE_FACTORY, new ManagedImageBufferedImageFactory());
+ Imaging.getBufferedImage(imageFile, params);
+ }
 }
diff --git a/src/test/resources/IMAGING-210/testfile.png b/src/test/resources/IMAGING-210/testfile.png
new file mode 100644
index 0000000..781368a
Binary files /dev/null and b/src/test/resources/IMAGING-210/testfile.png differ
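Review bot: The added `length < 0` guard in PngImageParser.java rejects only lengths whose top bit is set; any declared chunk length up to Integer.MAX_VALUE still passes. If the code after this hunk sizes a buffer from `length` (presumably it does, given the NegativeArraySizeException this commit fixes), a small malformed file can still force a very large allocation and an OutOfMemoryError. Consider bounding `length` by a configurable maximum or by the bytes actually available, or reading chunk data incrementally, before allocating. The check would also benefit from a comment such as `// PNG chunk lengths must not exceed 2^31-1, so a negative int here means the length field is out of range`. The enclosing loop and method start and end outside the hunk, so the allocation site is not visible here.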
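Review bot: `@Test(expected = ImageReadException.class)` on testPngWithInvalidNegativePngChunkSize passes for any ImageReadException raised anywhere in the parse, so it does not show that the new negative-length check is the one that fired. Catching the exception and asserting that its message starts with `Invalid PNG chunk length` would pin the regression. The resource is also looked up through `JpegWithInvalidDhtSegmentTest.class`, which looks copied from the JPEG test; `PngWithInvalidPngChunkSizeTest.class.getResource("/IMAGING-210/testfile.png")` keeps the test self-contained. Separately, `getResource(...).getFile()` returns a URL-encoded path, so the test would fail to find the file when the checkout directory contains spaces.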